Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Publishing Policies

When you publish rules, the process takes into account the priority and precedence values set on the policy and the order of rules on the device. Rules are published in the order of their priority groups, with prerules in the High priority group publishing first, before prerules in the Medium and Low priority groups.

If you change the priority or precedence of a published policy, the policy must be republished for the changes to take effect. Sometimes, changing priority or precedence in one policy can affect other policies in the same priority group. However, such policies do not need to be republished in order for their changes in priority or precedence to take effect for the policies that are implicitly changed by the explicit changes to the republished policy.

To publish a policy:

  1. Select Configure > Policy-Name Policy > Policies.
  2. Select the policy that you want to publish and click Publish. The Publish Policy page appears.
  3. Select the check boxes next to the devices to which the policy changes will be published.
    Note:

    You can search for a specific device on which the policy is published by entering the search criteria in the search field. You can search the devices by their name and IP address.

  4. Select Schedule at a later time if you want to schedule and publish the configuration later.
  5. Select Run now if you want to apply the configuration immediately.
  6. Click Publish. The Affected Devices page displays the devices on which the policies will be published.
    Note:

    If there is a deprecated signature associated with a firewall policy, perform the following:

    1. Go to Junos Space Network Management Platform, select Administration > Application > Security Director > Modify Application Settings > Update Device and select Aggregate And Update Lsys Tsys configuration checkbox.

      When you check the Aggregate And Update Lsys Tsys configuration option in Junos Space Network Management Platform, the policy with the deprecated signature aggregates the configuration of logical system (LSYS) and tenant system (TSYS) from the root device. This ensures that the deprecated signatures are deleted when you update the firewall policy.

    2. Go to Security Director and navigate to Configure > Firewall Policy > Standard Policies and select the root device associated with the LSYS and click Publish or Update as required.

      On both the Publish Firewall Policy page and Update Firewall Policy, you can view the all LSYS and TSYS configurations associated with the selected root device by clicking on View.

    3. Click Publish to publish the policy on the Publish Firewall Policy page or click Publish and Update to update and publish a policy on the Update Firewall Policy page.